gitlab-runner 如何配置使用Overwrite generated pod specifications
说明
Overwrite generated pod specifications
此功能目前处于 Beta 阶段。我们强烈建议您先在测试 Kubernetes 集群上使用此功能,然后再将其用于生产集群。要使用此功能,您必须启用 FF_USE_ADVANCED_POD_SPEC_CONFIGURATION 功能标志。
要修改runner 管理端生成的 PodSpec,请使用 config.toml 文件中的 pod_spec 设置。
pod_spec 设置:
- 覆盖并补全生成的 pod 规范的字段。
- 覆盖 [runners.kubernetes] 下的 config.toml 中可能已设置的配置值。
你可以配置多个 pod_spec 设置:
- name :定义 pod_spec 的名称。
- patch_path :定义在生成最终 PodSpec 对象之前应用于该对象的更改的文件路径。该文件必须是 JSON 或 YAML 文件。
- patch :一个 JSON 或 YAML 格式的字符串,描述在生成最终 PodSpec 对象之前必须应用于它的更改。
- patch_type :runner用于将指定更改应用于 GitLab Runner 生成的 PodSpec 对象的策略。可接受的值包括 merge、json 和 strategic。
不能在同一个 pod_spec 配置中设置 patch_path 和 patch,否则会出错。
Merge patch strategy(不推荐)
合并补丁策略将键值替换应用于现有的 PodSpec。如果使用此策略,config.toml 中的 pod_spec 配置会覆盖最终 PodSpec 对象生成之前的值。因为这些值被完全覆盖,所以你应该谨慎使用此补丁策略。
如:
concurrent = 1
check_interval = 1
log_level = "debug"
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = ""
url = "https://gitlab.example.com"
id = 0
token = "__REDACTED__"
token_obtained_at = 0001-01-01T00:00:00Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "kubernetes"
shell = "bash"
environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true", "CUSTOM_VAR=value"]
[runners.kubernetes]
image = "alpine"
...
[[runners.kubernetes.pod_spec]]
name = "build envvars"
patch = '''
containers:
- env:
- name: env1
value: "value1"
- name: env2
value: "value2"
name: build
'''
patch_type = "merge"
使用此配置,最终的 PodSpec 只有一个名为 build 的容器,其中包含两个环境变量 env1 和 env2。上面的示例导致相关的 CI 作业失败,原因如下:
- helper 容器规范被移除。
- build 容器规范丢失了 GitLab Runner 设置的所有必要配置。 为了防止作业失败,在此示例中,pod_spec 必须包含 GitLab Runner 生成的未修改的属性。
JSON patch strategy
JSON 补丁策略使用 JSON 补丁规范来控制 PodSpec 对象和数组的更新。不能在数组属性上使用此策略。
以下是使用 JSON 补丁策略的 pod_spec 配置示例。在此配置中,新的键值对被添加到现有的 nodeSelector 中。现有值不会被覆盖。
concurrent = 1
check_interval = 1
log_level = "debug"
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = ""
url = "https://gitlab.example.com"
id = 0
token = "__REDACTED__"
token_obtained_at = 0001-01-01T00:00:00Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "kubernetes"
shell = "bash"
environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true", "CUSTOM_VAR=value"]
[runners.kubernetes]
image = "alpine"
...
[[runners.kubernetes.pod_spec]]
name = "val1 node"
patch = '''
{ "op": "add", "path": "/nodeSelector", "value": { key1: "val1" } }
'''
patch_type = "json"
Strategic patch strategy
此策略性补丁策略使用应用于 PodSpec 对象每个字段的现有 patchStrategy。
以下是一个使用策略性补丁策略的 pod_spec 配置示例。在此配置中,资源请求设置为 build 容器。
concurrent = 1
check_interval = 1
log_level = "debug"
shutdown_timeout = 0
[session_server]
session_timeout = 1800
[[runners]]
name = ""
url = "https://gitlab.example.com"
id = 0
token = "__REDACTED__"
token_obtained_at = 0001-01-01T00:00:00Z
token_expires_at = 0001-01-01T00:00:00Z
executor = "kubernetes"
shell = "bash"
environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true", "CUSTOM_VAR=value"]
[runners.kubernetes]
image = "alpine"
...
[[runners.kubernetes.pod_spec]]
name = "cpu request 500m"
patch = '''
containers:
- name: build
resources:
requests:
cpu: "500m"
'''
patch_type = "strategic"
Best practices
在部署到生产环境之前,请在测试环境中测试添加的 pod_spec。
确保 pod_spec 配置不会对 GitLab Runner 生成的规范产生负面影响。
对于复杂的 pod 规范更新,请勿使用合并补丁策略。
如果配置可用,请尽可能使用 config.toml。例如,以下配置会将 GitLab Runner 设置的第一个环境变量替换为自定义 pod_spec 中设置的变量,而不是将环境变量添加到现有列表中。
concurrent = 1 check_interval = 1 log_level = "debug" shutdown_timeout = 0 [session_server] session_timeout = 1800 [[runners]] name = "" url = "https://gitlab.example.com" id = 0 token = "__REDACTED__" token_obtained_at = 0001-01-01T00:00:00Z token_expires_at = 0001-01-01T00:00:00Z executor = "kubernetes" shell = "bash" environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true", "CUSTOM_VAR=value"] [runners.kubernetes] image = "alpine" ... [[runners.kubernetes.pod_spec]] name = "build envvars" patch = ''' containers: - env: - name: env1 value: "value1" name: build ''' patch_type = "strategic"
patch
场景1:JSON patch strategy
runners:
config: |
[[runners]]
environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"]
[runners.kubernetes]
pull_policy = ["if-not-present"]
namespace = "{{.Release.Namespace}}"
privileged = true
image = "alpine"
[[runners.kubernetes.pod_spec]]
name = "test_spec"
patch = '''
[
{
"op": "add",
"path": "/containers/0/resources",
"value": {
"limits": {
"cpu": "800m"
},
"requests": {
"cpu": "600m"
}
}
}
]
'''
patch_type = "json"
场景2:Strategic patch strategy
runners:
config: |
[[runners]]
environment = ["FF_USE_ADVANCED_POD_SPEC_CONFIGURATION=true"]
[runners.kubernetes]
pull_policy = ["if-not-present"]
namespace = "{{.Release.Namespace}}"
privileged = true
image = "alpine"
[[runners.kubernetes.pod_spec]]
name = "test_spec"
patch = '''
containers:
- name: build
resources:
requests:
cpu: "400m"
limits:
cpu: "700m"
'''
patch_type = "strategic"
patch_path
patch_path :定义在生成最终 PodSpec 对象之前应用于该对象的更改的文件路径。该文件必须是 JSON 或 YAML 文件。
创建文件
cat runner-pod-patches.yml
apiVersion: v1
kind: ConfigMap
metadata:
name: runner-pod-patches
data:
pod-patch.yaml: |
[
{
"op": "add",
"path": "/containers/0/resources",
"value": {
"limits": {
"cpu": "500m"
},
"requests": {
"cpu": "200m"
}
}
}
]
kubectl apply -f runner-pod-patches.yml